One of the effects of writing a book is that I don't have the time to devote to other writing. So while I've been wanting to write about Anonymous vs. HBGary, I don't think I will have time. Here's an excellent series of posts on the topic from ArsTechnica.

In cyberspace, the balance of power is on the side of the attacker. Attacking a network is *much* easier than defending a network. That may change eventually -- there might someday be the cyberspace equivalent of trench warfare, where the defender has the natural advantage -- but not anytime soon.

A physical biometric wallet: $825.http://www.dunhill.com/en-us/shoponline/leather/...http://www.thetechherald.com/article.php/201105/...
I don't think I understand the threat model. If your wallet is stolen, you're going to replace all your ID cards and credit cards and you're not going to get your cash back -- whether it's a normal wallet or this wallet. I suppose this wallet makes it less likely that someone will use your stolen credit cards quickly, before you cancel them. But you're not going to be liable for costs incurred during that delay in any case.

Criminals are stealing cars by calling tow trucks. It's a clever hack, but an old problem: the authentication in these sorts of normal operations isn't good enough to prevent abuse.http://www.wsmv.com/news/26878155/detail.html

NIST has just defined two new versions of SHA-512. They're SHA-512/224 and SHA-512/256: 224- and 256-bit truncations of SHA-512 with a new IV. They've done this because SHA-512 is faster than SHA-256 on 64-bit CPUs, so these new SHA variants will be faster.

This is a good thing, and exactly what we did in the design of Skein. We defined different outputs for the same state size, because it makes sense to decouple the internal workings of the hash function from the output size.

Since 1998, CRYPTO-GRAM has been a free monthly newsletter providing summaries, analyses, insights, and commentaries on security: computer and otherwise. You can subscribe, unsubscribe, or change your address on the Web at <http://www.schneier.com/crypto-gram.html>. Back issues are also available at that URL.

Please feel free to forward CRYPTO-GRAM, in whole or in part, to colleagues and friends who will find it valuable. Permission is also granted to reprint CRYPTO-GRAM, as long as it is reprinted in its entirety.

CRYPTO-GRAM is written by Bruce Schneier. Schneier is the author of the best sellers "Schneier on Security," "Beyond Fear," "Secrets and Lies," and "Applied Cryptography," and an inventor of the Blowfish, Twofish, Threefish, Helix, Phelix, and Skein algorithms. He is the Chief Security Technology Officer of BT BCSG, and is on the Board of Directors of the Electronic Privacy Information Center (EPIC). He is a frequent writer and lecturer on security topics. See <http://www.schneier.com>.

Crypto-Gram is a personal newsletter. Opinions expressed are not necessarily those of BT.